If you are talking about processing a thumbprint or facial recognition, then it's the job of the hardware to give you a usable data representation that you can process in any language. It's likely that the hardware makes certain assumptions and turns physical/analog data into a hash, and then you actually process said hash. If not, and you are getting raw data, then sure - nothing stops php from working on a byte stream.

If you plan on taking payments online, there are standards to follow. Most gateways will provide you with an API to integrate with, or pre-cooked up scripts for you to call. If you want to add additional security to your payment process, that's on you - but at the end of the day it comes down to encryption (which you likely won't be writing, but instead you will implement someone elses), and using SSL to send data over to the processor/gateway.

Is there a specific problem you are having with getting started? Do you have code written already and you are stuck somewhere?